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Abstract — We propose a new algorithm for decoding Reed- 
Solomon codes (up to half the minimum distance). The proposed 
algorithm is similar in spirit and structure to the Berlekamp- 
Massey algorithm, but it applies to more general codes (including 
polynomial remainder codes). The algorithm can also be used to 
compute inverses in F[x]/m(x). 

I. Introduction 
Let F be a finite field, let 0o, . . . , /3 n _i be n different 
elements of F, let m(x) = Y[e=o( x ~ ^ et F[x\/m(x) 
be the ring of polynomials modulo m(x), and let ip be the 
evaluation mapping 
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^ : F[x]/m(>) ^ : a(x) ^ (a(/? ), • ■ • , a(/3„-i)), (1) 

which is a ring isomorphism. A Reed-Solomon code fi], |2| 
with blocklength n and dimension k may be defined as 

{c = (co, ■ • ■ , c„) € F n : deg V _1 (c) < fc}, (2) 

usually with the additional condition that 

& = a* for^ = 0,...,n-l, (3) 

where a E F is a primitive n-th root of unity. The condition 
Q implies 

m(x) =x n -l (4) 

and turns ip into a discrete Fourier transform J5). 

The standard algorithms for decoding Reed-Solomon codes 
up to half the minimum distancd^ are based either on the 
Berlekamp-Massey algorithm |4), |5) or on the Euclidean 
algorithm for computing the gcd (greatest common divisor) 
of two polynomials J6|, J2|, BJ, (7). For Berlekamp-Massey 
decoding, the condition Q is essential. 

In this paper, we propose an algorithm that is similar in spirit 
and structure to the Berlekamp-Massey algorithm, but it works 
for any code defined by (|2]i and does not need ([3]) and |4]). 
Moreover, the proposed algorithm works also for polynomial 
remainder codes |9l-fl2|, which include Reed-Solomon codes 
as a special case. Nonetheless, in the special case ^ and 
Q, the algorithm is almost identical to (and as efficient as) 
the Berlekamp-Massey algorithm, except that it processes the 
syndrome polynomial in reverse order. However, the derivation 
of the algorithm is based on a new problem formulation (to be 
stated in Section [ll]i that may be of interest in its own right. In 
particular, the proposed algorithm can also be used to compute 

'Decoding beyond half the minimum distance (cf. j8j, 0) is beyond the 
scope of this paper. 



the inverse of b(x) in F[x]/f(x) (for any fixed f[x] G F[x] 
with deg/(x) > 1) if it exists. 

It should be mentioned here that Berlekamp-Massey decod- 
ing and gcd-based decoding are well known to be related, 
and explicit translations were given in fl3) , fl4) . In fact, 
the algorithm proposed in this paper may be used as an 
intermediate in such a translation, which makes the translation 
more transparent. However, we will not elaborate this topic in 
the present paper. 

The paper is structured as follows. The new problem for- 
mulation and the proposed algorithm are given in Section [TT] 
The application of the proposed algorithm to decoding Reed- 
Solomon codes is discussed in Section III The proposed 



algorithm is explained and proved in Sections IV and [V] The 
application of the proposed algorithm to decoding polynomial 
remainder codes is outlined in the appendix. 

We will use the following notation. The Hamming weight 
of e £ F n will be denoted by wn(e). The coefficient of 
x e of a polynomial b(x) € F[x] will be denoted b#. The 
leading coefficient (i.e., the coefficient of x dceb ( x )) of a 
nonzero polynomial b(x) will be denoted by lcfb(x), and 
we also define lcf(O) = 0. We will use "mod" both as in 
r(x) = b(x) mod m(x) (the remainder of a division) and as 
in b(x) = r(x) mod m(x) (a congruence modulo m(x)). 

II. Problem Statement and Proposed Algorithm 



As we shall see in Section III decoding can be reduced to 
the following problem. 

Problem: For given nonzero polynomials b(x) and m(x) G 
F[x] with degb(x) < degm(x), and given d € Z, 1 < d < 
degm(x), find a nonzero polynomial A(x) e F[x] of the 
smallest degree such that 



deg (b(x)A(x) mod m(x) 



< d. 



(5) 

□ 



Remarks: 

1) The stated assumptions imply degm(x) > 1, 

2) In contrast to Section [I] we do not assume here that 
m(x) is a product of linear factors: any nonzero m(x) 
is admitted. 

3) For d — degm(x), A(x) = 1 will do. Smaller values 
of d will normally require a polynomial A(x) of higher 
degree. 

4) Eq. <j5j has always at least one solution A(x) for any 
d > 1. If gcd(6(x), m(x)) = 1, then b(x) has an inverse 
in F[x]/m(x); choosing A(x) to be that inverse yields 



1. If deg(gcd(6(a;), m(x))) > 
m{x)/ gcd(b(x), m(xj\ yields 



b(x)A(x) mod m(x) 
0, choosing A(x) 
b(x)A(x) mod m(x) = 0. 
5) We will see that the solution A(x) of the stated problem 
is unique up to a scale factor (Proposition [2] in Sec- 
tion [rvT> and satisfies 



degA(x) < degm(;r) 



(6) 



(by (|47j in Section |V). 
6) Because of (|6}, the coefficients bg with 

£ <2d-degm{x) (7) 

are irrelevant. 

The stated problem is solved by the following algorithm. 
Proposed Algorithm: 

Input: b(x), m(x), and d as in the problem stated above. 
Output: A(x) as in the problem statement. 
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if deg b(x) < d begin 
return A(x) := 1 

end 

AW (ar) := 0, di := degm(ar), K\ := lcf m(x) 
A( 2 )(a;) := 1, d 2 := deg6(x), k 2 := lcf 6(a;) 
loop begin 

AM(x) := k 2 AW(x) - mx^-^A^ix) 

d\ := deg (b(x)A^ 1 '{x) mod m(x)) 
if di < d begin 

return A(x) := A^(x) 

end 

«i := lcf (ii(i)AW(i) mod m(x)) 



if di < d 2 begin 

(A( 1 )(a;),A( 2 )(a;)) := 
(di,d 2 ) := (d 2 ,di) 
(ki,k 2 ) := («2,/ei) 

end 



(AW (a;), AW (a;)) 



end 



□ 



Note that lines 



14 



16 



simply swap A^(x) with A^ 2 ^(x), 
di with d 2 , and K\ with k 2 . The only actual computations are 
in lines [7] and [8] 

The correctness of this algorithm will be proved in Sec- 
tion [V] In particular, we will see that the value of di is reduced 
in every execution of line [8] 

Note that lines [8] and [12] do not require the computation of 
the entire polynomial b{x)A^ (x) mod m(x). Indeed, lines]! 1 
12 can be replaced by the following loop: 



12 



Equivalent Alternative to Lines [& 

3 1 repeat 

32 di := di - 1 

33 if di < d begin 

34 return A(x) := AW(i) 

35 end 



36 



37 



K\ := coefficient of x dl in 

6(a;)AW(a;) mod m{x) 
until «i 7^ 



In the special case where m(x) 
41 



1, line 36 



Ki :=6 dl A[ ) 1) +& [dl _ 1] Aj 1) + 



amounts to 

h 



-t1 A t 



with r = deg AW (a;) and where the bm = bi mo d n - I n this 
case, the proposed algorithm looks very much like, and is as 
efficient as, the Berlekamp-Massey algorithm Q. 

We conclude this section by noting that the proposed 
algorithm can also be used to compute the inverse of b(x) 
in F[x]/m(x), if it exists (cf. Remark [4] above). To this end, 
run the algorithm with d = 1. The algorithm then returns a 
polynomial A(x) such that 



b(x)A(x) mod m(x) G F \ {0} 



(8) 



if an inverse exists and b(x)A(x) mod m(x) = if no inverse 
exists. 

III. Application of the Proposed Algorithm to 
Decoding Reed-Solomon Codes 

Let C be a (n, k) Reed-Solomon code over F as in Section]!] 
but without requiring ^ and Q. Let y = (y , . . . , y n ~i) £ 
F n be the received word, which we wish to decompose into 



y 



(9) 



where c € C is a codeword and where the Hamming weight 
of e = (eo, . . . , e„_i) € i 7 "™ is as small as possible. 

Let C(x) — -0 _1 (c), and analogously E(x) = %jj~~ 1 (e) 
and = tjj^ 1 (y). Clearly, we have degC(ir) < k and 

degE(x) < degm(x) = n. 

For any e G we define (in the usual way) the error 
locator polynomial 



A e (x) 



n 



l e {0, ... ,n- 



1} 



Clearly, degA e (a;) = wn(e) and 

E(x)A e (x) mod m(x) = 0. 



(10) 



(11) 



Theorem 1. If wjj(e) < rL ^ 1 , then the error locator polyno- 

k 



mial A e (x) satisfies 

deg (Y(x)A e (x) mod m(x)) < n — 



Conversely, for any y and e G F n and t G 

n — k 



2 

with 



w H (e) < t < 



(12) 



(13) 



if some nonzero A(ir) G F[x] with degA(x) < t satisfies 

deg (y(x)A(x) mod m(x)^j < n-t, (14) 
then A(x) is a multiple of A e (x). 



□ 



The proof is given below. We thus arrive at the following 
decoding procedure: 



1) Compute Y(x) = ij)~ l (y). 

2) Run the algorithm of Section |n] with b(x) = Y(x) and 
d = \ 7J 4^] . If w H (e) < rjL Y i , then the polynomial A(x) 
returned by the algorithm equals A e (x) up to a scale 
factor. 

3) Complete decoding by any standard method BJ or by 
means of Proposition [T] below. 

Note that in Step 2, because of (j7|, coefficients of Y(x) 
with 

(15) 



(16) 



I < 2 

k, if n — k is even 
fc + 1, if n — k is odd 

are irrelevant. 

As mentioned, decoding can be completed by the following 
proposition: 

Proposition 1. If A(x) is a nonzero multiple of A e (x) with 
degA(a;) < n — k, then 

Y(x)A(x) mod m(x) 



C{x) 



A{x) 



(17) 

□ 



Proof: If A(x) has the stated properties, then 

Y(x)A(x) mod m(x) 

= C(x)A(x) mod m(x) + E(x)A{x) mod m(x) (18) 
= C(x)A(x), (19) 
where the second term in ( p~8] > vanishes because of ( fTTj ). □ 
Proof of Theorem [TJ From ( [19) , we have 

deg (y(x)Ae(x) mod to(x)) < fc + w H (e), (20) 



n-k 
2 



n— k 



and ( 12 1 follows from k + wn(e) < k 

As ior the converse, assume (13 1, (14i, and degA(a;) < t 
and consider 

Y(x)A(x) mod m{x) = C(x)A(x) + E(x)A(x) mod m(x). 

(21) 

Under the stated assumptions, the degree of the left-hand side 
of pi) is smaller than n — t and also 



< k + t<n — t. 



It follows that 



deg (c(x)A(a 
t 

deg (e(x)A(x) mod m(x)^J < n — t. 



(22) 
(23) 
(24) 



Now write 

E(x)A(x) = Q(x)m(x) + E(x)A(x) mod m(x) 

according to the polynomial division theorem. But E(x) (and 
thus E(x)A(x)) has at least n — wn(e) > n — t zeros in the 
set {/3o, p n -i}. It follows that E(x)A(x) mod m(x) 

has also at least n — t zeros (in this set), which contradicts 
( |23] l unless 

^(x)A(x) mod m(x) = 0. (25) 



But any nonzero polynomial A(x) that satisfies (25 1 is a 
multiple of the error locator polynomial (10 1. □ 



IV. Key Elements of the Proof 

We return to the problem and the algorithm proposed in 
Section [II] In this section, we discuss some key elements of 
the proposed algorithm and its proof. The actual proof will 
then be given in Section [V] 

The pivotal part of the algorithm is line [7J which is ex- 
plained by the following lemma. (The corresponding statement 
for the Berlekamp-Massey algorithm is known as the two- 
wrongs-make-a-righ^ lemma.) 

Lemma 1. Let m(x) be a polynomial over F with deg m(x) > 
1. For further polynomials b(x), A (1) (x), A (2) (x) e F[x], let 



r (1) (ir) = b(x)A ( - 1 ^(x) mod m(x), 
r (2) (V) = b{x)A( 2) (x) mod m(x), 

di = degr(^(x), K\ = lcfr^^a;), d 2 = degr^ 2 \x), 
\cf A 2 ^ (x) , and assume di>d 2 > 0. Then 



satisfies 



A(x) = K 2 A^(x) ~ K lX dl - d2 A (2 \x) 



deg (b(x)A(x) mod m(x)j < d± 



Proof: From d28l), we obtain 



r(x) = b(x)A(x) mod m(x) 

= K 2 r {1) {x) - K lX dl - d2 r (2) (x) 



(26) 
(27) 

A 

«2 = 

(28) 

(29) 

□ 



(30) 
(31) 



by the natural ring homomorphism F[x) —> F[x]/m(x). It is 
then obvious from (31 1 that degr(a;) < degr^^a;) = d%. □ 



A similar argument proves 

Proposition 2 (Uniqueness of Solution). The solution A(x) 
of the problem of Section [TT] is unique (up to a scale factor). 

□ 

Proof: Let A^(x) and A^ 2 )(a;) be two solutions of the 
problem, which implies deg A^(x) = deg A^(x) > 0. 
Define r^(x) and r^{x) as in (26i and (27 1 and consider 



AO) = (lcf A^(x)^A^(x)- (lcf A {1 \x)^AW{x). (32) 



Then 



r(x) = b(x)A(x) mod m(x) (33) 
= (lcf ^(ijjrWfi) - (lcf A^(x)y^(x), (34) 



which implies that A(x) also satisfies |5}. But (32 1 implies 
degA(x) < degA^^a;), which is a contradiction unless 
A(a;) = 0. Thus A(x) = 0, which means that A^^a;) and 
A( 2 )(a;) are equal up to a scale factor. □ 

Definition (Remainder-Minimal): For fixed nonzero b(x) and 
m(x) G F[x] with deg6(a;) < degm(a;) (as in the problem of 

2 So called by J. L. Massey in many of his lectures. 



Section [51, a nonzero polynomial A(x) € F[x] is remainder- 
minimal if 

deg f&(x)A^(x) mod m(x)^ < deg ^6(x)A(x) mod m(x)J 

(35) 

(with A (1) (x) 7^ 0) implies degA (1) (x) > degA(x). 

The following lemma is the counterpart to Theorem 1 of J5J. 

Lemma 2 (Degree Change Lemma). For fixed nonzero b(x) 
and m(x) E F[x] with deg&(x) < degTO(x), let A(x) be a 
remainder-minimal polynomial and let 



r(x) = 6(x)A(x) mod m(x). 



(36) 



If 



degA(x) < degm(x) — degr(x), (37) 
then any nonzero polynomial A'^(x) € F[x] such that 

deg (&(x)A (1) (x) mod m(x)) < degr(x) (38) 

satisfies 

deg AW (x) > degm(x) — degr(x). (39) 

□ 

The proof is given below. 

Corollary: Assume everything as in Lemma [2] including ( |3~7| > 
and (38 1. If (39i is satisfied with equality, then A^(x) is also 



remainder-minimal. 



Proof of Lemma [2| Assume that A^(x) is a nonzero 
polynomial that satisfies ([3~8|, i.e., the degree of 



satisfies 



r^(x) = b(x)A^(x) mod m(x) 
degr^'(x) < degr(x). 



(40) 



(41) 



Multiplying (36 1 by A (1) (a;) and (40 • by A(x) yields 
A^ 1 ' (x)r(x) = A(x)r^\x) mod ro(i). 



(42) 



If we assume both ( |37| and (contrary to ( 39 1) 

degA^^x) < degm(x) — degr(x), 
then ( |42] i reduces to 

A«(x)r(x) =A(s)rW(a). 



But then (41 



implies deg A' 1 ) (a;) < degA(x), which is 
impossible because A(x) is remainder- minimal. Thus (37i and 
(43 1 cannot hold simultaneously. □ 



V. Proof of the Proposed Algorithm 

We now prove the correctness of the algorithm proposed in 
Section [II] To this end, we restate the algorithm with added 
assertions as follows. 

Proposed Algorithm Restated: 



if deg b(x) < d begin 
return A(x) := 1 

end 

AW(x) := 0, d\ :=degm(x), Ki :=lcfm(x) 
AW(x) := 1, d 2 := deg&(x), k 2 := lcf b(x) 
loop begin 



Assertions: 




d\ > d 2 > d 


(A.l) 


degA( 2 )(x) = degm(x) — d\ 


(A.2) 


> degA«(x) 


(A.3) 


A^ 2 )(x) is remainder-minimal 


(A.4) 



repeat 

#(1) := k 2 A«(x) - Kl x d ^-^A^(x) 
Assertions: 

deg(6(x)A (1) (a;) mod m(x)) < di (A.5) 
degA (1) (x) = degm(x) - d 2 (A.6) 
>degA< 2 )(x) (A.7) 



10 



11 

12 
13 
14 



15 
16 
17 
18 



di :=deg (&(x)A«(x) mod m(x)) 
if di < d begin 



Assertion: 

A' 1 ) (x) is remainder-minimal (A. 8) 



return A(x) := A (1) (x) 
end 

ki := lcf (b(x)A^(x) mod m(x)) 
until di < d 2 



Assertion: 

A^\x) is remainder-minimal 



(A.9) 



(A«(x),A( 2 )(x)) := (A( 2 )(x),A«(x)) 
(di,d 2 ) := (d 2 ,d 1 ) 
(ki,k 2 ) := («2)«i) 



end 



Note the added inner repeat loop (lines |7]-fl4|i, which does 
not change the algorithm but helps to state its proof. 

Throughout the algorithm (except at the very beginning, 
before the first execution of lines [9] and [T3j, d\, d 2 , K\, 
and k 2 are defined as in Lemma [fT i.e., d\ = deg r^ 1 ' (x), 
K\ — lcfr^-'(x), d 2 = de gr^ 1 ' (x), and k 2 — lcf r^ 2 \x) for 
(43) r (i)(a;) an( j r (2)( x ) as i n g and ([27 1. 

Assertions (AJTJ— (A|4]> are easily verified, both from the 
initialization and from (A[6]), (AjTJ, and (A[9|. 

As for (A[5]), after the very first execution of line [HJ we 

(44) 

still have d\ — degm(x) (from line ffl, which makes (A[5]l 
obvious. For all later executions of line 8] (A[5]) follows from 
Lemma Q] 

As for (A[6]l and (A[7]), we note that line [8] changes the 
degree of A'^(x) as follows: 



Upon entering the repeat loop, line[8]increases the degree 
of AW to 



degA^ 2 '(x) + di — d 2 = degm(x) — d 2 
> degA^(x), 



(45) 
(46) 

which follows from (A{T|i-(A[3]). 
• Subsequent executions of line [8] without leaving the 
repeat loop (i.e., without executing lines 15 -[17} do not 
change the degree of A^^x). (This follows from the fact 
that d\ is smaller than in the first execution while A^ 2 ^ (x), 
d 2 , and n 2 ^ remain unchanged.) 
Assertion (A|9]) follows from the Corollary to Lemma [2] 
(with A(x) = A^(x) and degr(x) = d 2 ), which applies 
because d\ < d 2 and (Aj6j. Because of (AjT), the same 
argument applies also to (Aj8). 

Finally, (A{T]i and (A|6]i imply that the polynomial A(x) 
returned by the algorithm satisfies 



degA(x) < degm(x) — d. 
VI. Conclusion 



(47) 



We have shown that decoding Reed-Solomon codes can be 
reduced to the problem stated in Section [II] and we proposed 
a new algorithm for solving this problem. In the special 
case where m(x) — x" — 1, the proposed algorithm almost 
coincides with the Berlekamp-Massey algorithm, except that 
it processes the syndrome in reverse order. However, the 
algorithm works for general m(x) and even for polynomial 
remainder codes (cf. the appendix), and it can also be used to 
compute inverses in F[x]/m(x). 

Appendix: Extension to Polynomial 
Remainder Codes 

The algorithm proposed in Section III] can also be used to 
decode polynomial remainder codes |9| |12|. which include 
Reed-Solomon codes as a special case. (The Berlekamp- 
Massey algorithm does not apply to such codes.) 

Let rrio(x), . . . , m„_i(x) € F[x] be relatively prime and let 
wi(x) = He=o m e(x). Let R m = F[x]/m(x) denote the ring 
of polynomials modulo m{x) and let R me = F[x]/mi(x). 
The mapping ([TJ is generalized to the ring isomorphism 



ip : Rm -> R mo x ... x R„ 



a(x) i y ip(a) = (tpo(a), . . . ,^„-i(a)) 



(48) 



with ijit(a) = a(x) mod mg(x). Following 1 12 , a polynomial 
remainder code may be defined as 

: deg?/'" 1 ^) < K} 
(49) 



{c = (cq, 



l) G Rn 



. x R„ 



where 



K 



k-l 

= £ 

1=0 



deg me(x) 



for some fixed k, < k < n. We also define 



N = deg m(x) — deg mi (x) 



(50) 



(51) 



As in Section [TIT] let y = c + e be the received word with 

c e C, and let C(x) = ^(c), E(x) = ^{e), and Y(x) = 
tp^ 1 (y). Clearly, degC(x) < K and degE(x) < N. 
For such codes, the error locator polynomial 



A e (x) 



n 



me(x) 



(52) 



t e {o, . . . ,n - 1} 



and the error factor polynomial fT2) 

A f (x)=m(x)/gcd(E(x),m(x)) (53) 

do not, in general, coincide. However, if all moduli mi(x) are 
irreducible, then Af(x) — A e (x). 

We then have the following generalization of Theorem [T] 

Theorem 2. For given y and e with deg Af(x) < t < N ~ K , 
assume that some nonzero polynomial A(x) with deg A(x) < t 
satisfies 



deg (Y(x)A(x) mod m(xj) < N - t. 



(54) 



Then A(x) is a multiple of A/(x). Conversely, A(x) = A/(x) 
is a polynomial of the smallest degree that satisfies (|54|. □ 



It follows that the decoding procedure of Section III works 
also for polynomial remainder codes, except that n, k, and 
A e (x) are replaced by N, K, and A/(x), respectively. More- 
over, C(x) can still be recovered from A(x) by means of ( 17 1 
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